After deployment of BestCrypt Volume Encryption (BCVE) on remote computers administrator can manage BCVE on client computers through
BestCrypt Volume Encryption tab of Jetico Central Manager Console:
Jetico Central Manager Database receives and displays the following information from BCVE program running on the client computers:
1 - Information about all disk volumes (partitions) on the computer, sizes and labels of the volumes.
2 - Status of every disk volume (encrypted/partially encrypted/not encrypted).
3 - Log information about BCVE events (encrypting/decrypting volumes, installation of new disk volumes, rescue information updating, etc.).
Rescue information about all encrypted volumes. Click Rescue to prepare rescue file or rescue bootable disk
to recover encrypted disk volume on the selected computer. Article
Rescue procedures on client computers describes in detail
how to recover encrypted disk volumes on client computer.
Distributing encryption policies.
Administrator of JCM Console can manage encryption policy on client computers using the following settings:
Automatic encryption and decryption of client computers.
Administrator can set the options Encrypt fixed disks or Decrypt fixed disks to get all the volumes on client computers encrypted or decrypted automatically.
Alternatively, administrator can transfer the right to manage a client computer to the local user by setting the option Manage by local user.
After Encrypt fixed disks option is set, BCVE on the client computer will ask the user to enter
a password to encrypt the volumes. The encryption will start and will be performed in the background.
For automatic encryption, BCVE uses AES encryption algorithm and XTS encryption mode.
The process can be stopped, but it will be automatically resumed after 30 seconds or after reboot.
As soon as the process starts, the user will have to enter the password at boot time.
NOTE: The automatic encryption may NOT start (or not resume) for the following reasons:
1. The client computer was not rebooted after installation.
2. The client computer is currently using the option Manage by local user.
3. BCVE main window has been opened on the client computer.
3. The client-server connection has been lost.
Removable disk policy.
JCM administrator can force encryption of removable devices on client computers. The removable devices can be password-protected or JCM-protected inside the local network.
See Removable Disks Protection for more details.
Click Recover Removable Disk to recover encrypted removable disks in case the user
has forgotten password or if the disk appeared as damaged.
Administrator can temporarily suspend client protection, i.e. remove boot-time authentication (note that the volumes are still encrypted). It may be required to allow the computer(s) to automatically restart
(Windows Updates, backup purposes, etc.). The feature is necessary to manage servers that are required to function all around the clock.
The option is available only for the computers for which Encrypt fixed disks policy is set. As soon as administrator sets this option, JCM Console will report it in the log file:
After that, if the client computer is ON, another report in the log file is expected:
If the client computer is OFF, it will receive the setting and send this report to the Console when it is turned on. After getting this confirmation from the client, boot-time authentication has been removed.
ATTENTION! The option Suspend protection exposes a security risk. For example, someone can turn off the computer,
take it out of the company, turn it on again and get access to the data. Remember to turn the option OFF as soon as automatic reboot is not required anymore.
To set an encryption policy to a group of computers:
Select the group of computers on the left pane of Jetico Central Manager Console.
In Inherit Group settings drop-down list select one of the options:
JCM Console can highlight the client computers that use individual settings by a different icon. To enable this function, set the option
Highlight computers with individual settings for BCVE in Computers menu.